Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

Orbit.exe

windows7-x64

6

Orbit.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 17:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Orbit.exe

  • Size

    6.1MB

  • MD5

    fe319e98639caf5b1f885cf3627094c6

  • SHA1

    0b5a5ea5486e0d02edd249cf9e7842f0f59ce07f

  • SHA256

    ccdbdc7e8e807ced8202166730ac4e602fd2a3316f83d805f87dcb233615e918

  • SHA512

    a1eb4e116ff68bde28a09d74ad5c12673cead3e4baaba539e45f214b3dd65ded71cb0524c1d5c42436fbf31b58d425b1e11c0646aa4e1c55bb34076954edb394

  • SSDEEP

    98304:r21N0oAdwJlZTodhdM7nColP5rKkN6FIUzHq6Ay4Nf4VXyR1cU8bty:0m9dwJqI7VN5rzYlzHYy4NgpyR+

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Orbit.exe
    "C:\Users\Admin\AppData\Local\Temp\Orbit.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.com/oauth2/authorize?client_id=1249396591333212170&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fredirect&scope=identify+guilds+guilds.members.read
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    e9ba15206f15f5140c0f57573916d671

    SHA1

    6c65dbf56c1e3d95c7da3f25d611b24ddef8fafd

    SHA256

    8b0d60df5d470d7aa34d9e277ffa32f2cc0760d1e537a248469b39b7c9289ced

    SHA512

    026913e2014943538971aebf7bd4394f4b0849855f015823e080ff56926cfc799241b72cc2aeb380dbaee0d1728fbd302de2758e8e2d7695997c22879ad0d7a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d51ace9be39b7688dc4c60a08f7a788

    SHA1

    e5d97ddcf8eb9e36c964537ecf61979f75799fad

    SHA256

    ec6e14a782e0e2b632a92017a2e393d70dd2088879fab4b2c8758d4da054ad57

    SHA512

    0adf60574f6a7d0bc9f59ce225818bb089dbb408fc33b7fc2cac7ecee7bab1df06f3a38fac0ef0f37fd1d9aae6cc0adbf3a578ffa2a0be45773038970d5e2dc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b6cd37a3dd80121a5bebef8dd1527f3

    SHA1

    9c78f52e96aa0233da1863191f09f52c5725ad1f

    SHA256

    3a7137479494b8b7693472ad0a15f32d9559fa9c761c9cf967894b627ca544fd

    SHA512

    191a5dd03ed26b9ced54137c3004f38714bccbe7560b29ff0b07d3e86ec5c47812cce8a75052ac34a0b06a00ee69a378b8758b32e8950e5b504b8a58d587cb5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e97c7d1da4c771f5be9f8a6dc0d68145

    SHA1

    9a09db40d8b74b1658e77d95048e280dec4f4f9e

    SHA256

    be2078713f8b9fc67f8bfebb6ec37f3fd70b808579f54bd30df0b727aa73138c

    SHA512

    edec170e0e04bb553e84881559a77bf7414ec99cb021fb2f32e6ccf754018a2d1742d7d5d8c6838d39b7191707f360508e1c763b9ddaa44485ef871999dbfafb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a300468bfbabb33b9bf6bcf1830f240

    SHA1

    07c8df7c1da89137eb8da61db00fe1d31d68f046

    SHA256

    4b42f2d6a42d5d38c01376f844b1c0e09311483bf373d43675f9ff82b8e2e5ab

    SHA512

    5d498c20c64585e5151e7cec906874b1ac226d183e68fbcd7c024d0abbf6e90df6c87c4091047e8445e59878b8d51eef297661ae610ba48da7e82d93aed1adc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2818facceb821664fb0476ae6f0ecada

    SHA1

    9f717aa0ff0b14335cc1d171ecdff81c0226af98

    SHA256

    7fae04dde5509938177528f716f3c320f6be2b9138b5388110e8f39c151160e5

    SHA512

    edc58b99cee775a63c3e1115200a83262633b477c06581239b0ae03642a1a88ac1d8f5ccd014b107967780bfae90269023326eddbc696fc0f800569bfb9f8368

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f9ae6e19f4de11e3acaa4de36ade481

    SHA1

    d16cf442cf722101609f6f2290339dcb54f46bdd

    SHA256

    6719fc4d7152934bf8f7a89ae1df55b97e0c1c2126eadd3cc727e596c1feaf86

    SHA512

    2e978b2526466f8c2733782399ca0e1d2a31679914bfe8a8082f1e391da425b071633225afbb36f5f2e82ce0f2e4c53ccd8a3929b72a84bdf9d621e50a17ca0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad3632577a25798859af91a5b3e865dc

    SHA1

    b638032db8778a19df8d1beff829b90e8d9a50ef

    SHA256

    286c36183b8ddcac7f92e13b261aaadd165033cfbfef763ae8992f15a08a4c9b

    SHA512

    a55957ec546b97591ac15c87c01c58b60ed1bfa2a37b86aac4649953d51db67a26e0d2067dd56b940ef3b5840e46a37d80252a037f1f29a117dc29c35a772f9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    112ca868c2c04df11bf2ba52b9568b5e

    SHA1

    e7b7fe1c17d1529bd5f986f4100396d8325dafc9

    SHA256

    7e41d0bdf202f3163859384bc9509c04f94fa038be5c38584ba818581d6d478c

    SHA512

    66c3535af2b7c2d1743b8706572f97c047f27b203d3a9ae8b09d4be91fa26a1b7c75569a59ea5379d42148bcc73350399fb32a5fbc809dc6f80e826104f45ff9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9567b78110e37008542ac9311277a797

    SHA1

    b8e1e1a584f8a639ec00fd5a80d6bcbfe1054b22

    SHA256

    ff357ad42f428c4a306150faf7f493a7ac23d5c7059d65ea39a1dd099c6a6540

    SHA512

    7d96df5d4a500df58d8ccd4625d5aaf68b8c5d8f3aa6a0419b8a67fef0106340828e9abb67b0346289ef56c1927c9c6f7b6a8c355062cc849b161900e5d15759

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    840b16368130aa3951591adb58ecde1f

    SHA1

    d6a4184a86df595a4e03c8772e12034483f200fe

    SHA256

    c7f52adbc63d9188962ca429a92f4f661efab78d8e822a36deb69c30683aeea6

    SHA512

    af5e5f1eb33fe2d278cde9738466014cf22f6355713d0fc74d158891fff5039454a7801b5278e42c2dbaa83285c269ebcf023c98765e57c9317a75438a6938dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a9f6e2bfca58bfd352cf88e94b73264

    SHA1

    56e0970a2244d7d0e7dfcc940757b039507ae869

    SHA256

    0e1b999c5a151883c0e860ae3b83abbf11f8a82450df51da4b8b3eaa6eb53cf5

    SHA512

    c06fe430fc2ba7c920f0f44df9a4ed75fcc8c6e869c445ac53ba1d9194471382b0a959f28a20f0c88fe15c454c001869d62e5cf4dfcf10ff47a31d01d94db8b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cee63b7c9c3a60ae25263bb6dc81869

    SHA1

    bf5ce66ce7aa1b68c53432093365dfeab7900c42

    SHA256

    b2c2a3fdc591b945d4f2b906103b90b3ea5ac5a721b1d58928d2b6d2ceacbc4c

    SHA512

    e33b966ad4ebec022c01eb55bba6288ad8a911c93e8ba5c9767d6ab1281c5b32fe67ed6636f90e866d96eb7b785f2b604c37383e07818a721fdcbdbabb09f945

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d97fd3d3e3f4062af2beabda17ca8566

    SHA1

    78048c03fb3f4176217372ca1422b49a7e29b007

    SHA256

    af68a0ca09a98b98205ae4ccea4f254daa9a7d64c76ef28c76fd783a992f5004

    SHA512

    a794f7179cf1a841a74062bcea994767f3289b28cb5e13a8b3f8a4c20d41baf1e1c402367b5b8f385d2c9fca3c9cd6ea9ccaad063eb2d923014b87075c0c6718

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99239bd2ea6eb71aa6293272a0f5ef02

    SHA1

    4d7b3b59d3662ffe871818647756a19e28206e4c

    SHA256

    40e0e5276aff0bc48f9298ef0048bb7e22b415332a86cd3b04d85068f1d9d327

    SHA512

    8f03ef3414be390c3f4cf49752a05acaa55713e4d8124423e267cd5ce2d05314a5e0b0354e956c5510a4e7bbc5755848c74a37b80c158c73e197b01d42a91fe8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3789d05775a7dcc29b3a7245dc92f2a7

    SHA1

    0113db3cf77506e8ac358319ff76356808837e07

    SHA256

    f7227c72e2910c969ab73d16970c99a2b0690188fd2c37c89b1e513b7468361e

    SHA512

    88ba85a017d72c22334551a3cdf158f1653d033623baa45531d0aad3799ba9131f24373ba80c105caee58209a9510596423f33077056c8b98d33792e0a9f867c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7bd815844a56055d1f7daf45af0c7b76

    SHA1

    7a2ab5becc6e02df77e3efa48ceddd5d253fdc83

    SHA256

    138043a98785ec86fb6609e6df4de788493c94c22bd150a32df90bed454b43b1

    SHA512

    ea7ca31dbf5927afe9e586543b23dc3ba1140bb74483dff16ebe5b82e329b409d2130a6d24d9e2521b46886064fa3a56e4dad162c5bf224daf6a4dc46e886a0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a9a42c5c292c91456175ec3a67cfa66

    SHA1

    b47d55d63f5e69e18756f977d5588521dc230246

    SHA256

    e7f574ed723c14acdbf347fa0d4ad00e81c453dfa093fc6f71a62c31de1dbecf

    SHA512

    4a0a2b68d5316655b86f7e40ca69a9cc533ce50572d6bebe33ffad725d0f88d0559f801f0b8b398acd08d169f6e0b35e2e45f0c4709110aea3cdd5f6850723a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    a90a9eda80923002606f099d1e19e933

    SHA1

    b80ecf6c23cace3e580cf4af64c82049b4f275b4

    SHA256

    ecf3cf0582ed63130dde26d60fb5d8c6c4163fba951dc523425be2fdac810b37

    SHA512

    b2657bdcdb5ba5e46456cdfa6916cd1126de217452d1ad4498287b61e070599dfa002eba20be84575e5440cedd496234022a5a6dc8a23c787b87ab26a6880270

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5f5nsah\imagestore.dat
    Filesize

    24KB

    MD5

    1df344d95ff6fd8bf15fa902a3a0824d

    SHA1

    be8c2783025161d45315d56a97c7f026811a8c9c

    SHA256

    619780fb1d777212897351254ec0790898d75f3492bb4b5352ce39e5646c1666

    SHA512

    1d1c4412f481f3e6135ec1d614156eca6492e67e6935ee71f1c87ab729e4dc6ee3fce8dca2250d4692d04439060dd454c231c2f6651ec484d5678320eb5d1bac

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA43GQEJ\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFA1A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFA5B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2668-11-0x0000000140000000-0x0000000140BC8000-memory.dmp

    Filesize

    11.8MB

    Download

  • memory/2668-8-0x0000000077460000-0x0000000077462000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2668-10-0x0000000077460000-0x0000000077462000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2668-15-0x0000000140000000-0x0000000140BC8000-memory.dmp

    Filesize

    11.8MB

    Download

  • memory/2668-6-0x0000000077460000-0x0000000077462000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2668-3-0x0000000077450000-0x0000000077452000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2668-1-0x0000000077450000-0x0000000077452000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2668-526-0x0000000140261000-0x00000001405A8000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2668-0-0x0000000140261000-0x00000001405A8000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2668-5-0x0000000077450000-0x0000000077452000-memory.dmp

    Filesize

    8KB

    Download